05/15/2017

Pity the poor hackers of the past. They were labeled as data pirates, but they couldn’t steal anything. They could only make copies, and of course, copies are worth much less than originals.

Ransomware is different. By encrypting the target’s data, they are in effect ‘stealing’ it. Instead of having to find a buyer for the ‘stolen’ data, the ransomware operator sells a decryption key to the person who probably values the data most — the owner.

Ransomware allowed for the perfection of the hacking business model, which means it will be used by more and more criminal organizations. Here’s why it’s so perfect:

No need for technical expertise because the exploits are available as a service

The upfront costs are low because of the subscription nature of the service

The “customers” for decryption keys are the people who value the data the most

The market is massive because every person and company on the Internet has data they care about

With such a great business model, we will see an increase in the number of entities employing ransomware services. The FBI says the number of reported ransomware attacks rose four-fold between 2015 and 2016. I predict the pace will increase this year.

There is little that can be done about the first three drivers of this business model, but we can shrink the size of the market while protecting ourselves.

Don’t use unsupported software and operating systems

Be rigorous in the application of patches

Use an email security gateway

When choosing an email security gateway, make sure you are not relying solely on a signature-based system. WannaCry was able to spread quickly in part because there were no signatures for it. Look for systems that use a multi-layered approach that also looks for the intent of the email content, including attachments and URLs. With more than 400,000 malware analyzed in email daily, the protection of email is critical today. Click here for a trial of our multi-layered ATP approach.